Check Point Advisories

Update Protection against Trend Micro OfficeScan CGI Parsing Buffer Overflow Vulnerability

Check Point Reference: CPAI-2008-239
Date Published: 7 Nov 2008
Severity: High
Last Updated: Tuesday 01 January, 2008
Source: Secunia Advisory: SA32005
Industry Reference:CVE-2008-3862
Protection Provided by:
Who is Vulnerable? Trend Micro OfficeScan 7.x Prior to 7.3 Build 1374
Trend Micro OfficeScan 8.x Prior to 8.0 SP1 Patch 1
Vulnerability Description A buffer overflow vulnerability was reported in Trend Micro’s OfficeScan. Trend Micro OfficeScan is a centralized virus and security scan management system. The flaw is due to a boundary error when handling HTTP requests. An unauthenticated remote attacker can trigger this vulnerability to inject and execute arbitrary code on a vulnerable installation of OfficeScan.
Vulnerability DetailsThe flaw resides in the OfficeScan CGI module. The vulnerable code does not verify the length of the data in the HTTP request. Successful exploitation will result in code execution.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK